Sometimes you do everything right, but hackers still manage to attack you. This is what happened to a tradesman’s company in Berlin: invoices were sent to customers in his name, and they paid them immediately. There was no suspicion, because the customers had actually worked with this service provider in the recent past. How can something like this happen? Perseus answers this question and once again acts as an expert for the investigative magazine “Täter, Opfer, Polizei”.
Cybercrime in craft businesses
The threat of attacks from the Internet is increasing. The IT forensics and cyber experts at Perseus are also noticing this. The number of cyberattacks increased by 67 percent from the second half of 2019 to the first half of 2020. According to an internal analysis of cyber emergencies handled by Perseus cyber experts, electrical, installation or tool companies are also repeatedly among the victims. This comes as no surprise to Detective Chief Inspector Peter Vahrenhorst of the LKA North Rhine-Westphalia. In an interview with Perseus for its cybersecurity study, he explained that it is mainly small and medium-sized companies that become victims of cybercrime. The reason for this, he said, is that these companies often do not have sufficient resources to deal comprehensively with the issues of cybersecurity and data protection. Their core business takes priority.
Craft businesses see no cyber risk for themselves
A 2019 study by the Signal Iduna Group took an in-depth look at cybersecurity in the skilled trades sector. Here, 500 digitally connected businesses were surveyed. It shows that the general danger is still significantly underestimated. Three quarters of the companies surveyed state that they do not see any acute threats to their own business. According to their assumption, they are too small to attract the interest of hackers. A fallacy, as the results of this study show. More and more craft businesses are being targeted by cybercriminals. According to the Signal Iduna study, almost one in five businesses has already been the victim of an attack.
The causes are complex: weak passwords, the use of public wifi connections and unsecured communication channels are among the most frequently exploited security gaps. However, e-mail continues to be the greatest source of danger. In more than 80 percent of cyberattacks on craft businesses, this served as the gateway.
CEO Fraud as a Fraud Scheme
As described in the introduction, phishing is one of the most common types of attack, especially CEO fraud. In CEO fraud, everyday professional situations are exploited to get employees to transfer a large sum of money or share sensitive data by means of fake e-mails from their alleged superiors.
CEO fraud is usually based on extensive research. The hackers find out about the company, the employees, the supervisor and the company structures. Often, the hackers select a specific victim about whom they gather additional information. All channels are used for this, such as the company homepage, social media profiles or direct calls to the company.
Then the actual attack takes place. This is done either by compromising an email account or by using a domain that is deceptively similar to the one being imitated. The previously collected information is now used to carry out the fraud. In the process, the communication and writing style of the supervisor is imitated so that the employee does not become suspicious. To make the process even more realistic, the request for payment is preceded by an email exchange, often explaining why the supervisor is temporarily away and thus cannot be reached by phone.
As with other phishing attacks, the attacker plays on the victim’s emotions by either building up pressure or appealing to a sense of shame that, for example, an invoice was not paid on time. With these means, hackers often reach their goal and the employee transfers the desired amount.
How can you protect yourself?
There is no one hundred percent protection, but there are small clues that can be used to recognize CEO fraud.
- One should carefully check the sender email address as well as the domain. Small anomalies, such as the absence of a letter, can already indicate that a fraudster is at work. It is particularly advisable to configure the e-mail program used in such a way that the sender’s e-mail address is always displayed in addition to the sender’s display name, as hackers increasingly forge the sender’s name.
- In addition, the text of the e-mail should be checked carefully. If it contains a large number of spelling errors, it may be a phishing e-mail.
- The communication and writing style can also provide important insights. If the e-mail suddenly uses the formal “Sie” (you), even though people in the company are actually on first-name terms, this may indicate that the e-mail does not come from the boss.
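The sender check from the first point can also be automated. The following is an added example, not part of the original article: it flags a sender domain that is within two edits of a trusted one (for instance a missing letter) and a known display name paired with an unexpected address. The domain `mueller-elektro.example`, the sender list and the threshold of 2 are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed sample data (assumptions): the company's real domain and known senders.
TRUSTED_DOMAINS = {"mueller-elektro.example"}
KNOWN_SENDERS = {"anna mueller": "anna.mueller@mueller-elektro.example"}
MAX_EDITS = 2  # assumed threshold for "deceptively similar"


def edit_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Two neighbouring letters swapped counts as a single edit.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]


def check_sender(from_header: str) -> list[str]:
    """Return warnings for one From: header value (empty list means no finding)."""
    display, address = parseaddr(from_header)
    address = address.lower()
    domain = address.rpartition("@")[2]
    warnings = []
    # Near-miss of a trusted domain: close to it, but not identical.
    if domain not in TRUSTED_DOMAINS:
        for trusted in sorted(TRUSTED_DOMAINS):
            if edit_distance(domain, trusted) <= MAX_EDITS:
                warnings.append(f"lookalike domain: {domain} vs {trusted}")
    # Familiar display name in front of an address that is not the known one.
    expected = KNOWN_SENDERS.get(display.strip().lower())
    if expected and address != expected:
        warnings.append(f"display name '{display}' used with {address}")
    return warnings


if __name__ == "__main__":
    print(check_sender("Anna Mueller <anna.mueller@mueler-elektro.example>"))
```

A message sent from a genuinely compromised mailbox passes both checks, which is why a second person or a call-back is still needed for payment requests.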
Nowadays, however, hackers are so professional that it is almost impossible to distinguish a fraudulent e-mail from a genuine one. It is therefore advisable to involve another person to assess the incident. If you have the slightest doubt, you should listen to your gut feeling, because it is better to be safe than sorry.
Perseus in the TV magazine “Täter, Opfer, Polizei”
For a long time now, the TV magazine “Täter, Opfer, Polizei” has presented more than just burglary series or violent crimes. More and more frequently, hacker attacks and cybercrime are coming into focus. This is also the case in this episode (first broadcast on Sunday, 29.11.2020, 19:00 on RBB), which covers the current case described here of the Berlin craft business that was the victim of a hacker attack.